8d2a94e227fba52719de9b50daa53819_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d2a94e227fba52719de9b50daa53819_JaffaCakes118
Size

49KB
MD5

8d2a94e227fba52719de9b50daa53819
SHA1

ce060a4e9200f211e8eeb6dc6a05010e03b7c115
SHA256

106fac49fe5355ad6197f8743d80aa7401da9a3a4b0473059e02a3563e12197b
SHA512

276c99d9cd6a80cd9825369df62cb4259f0a4700330fdc8fada6cf893155a46fa3e6baa60847f715f84ca6e8891a2ae1951210688bb05838a4accec9fd6411ac
SSDEEP

768:XOLQQGPEMqpEsUX6NdDfEd309fwOVyyCnh2+3WIlLQrbRRn:XOLBeinDsZ09fwOVynnh2+3Wq63n

Score

1^/10

Malware Config

Signatures

Files

8d2a94e227fba52719de9b50daa53819_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fc73dcbfa34c0cf85d6671d41277e509

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/02/2009, 00:00

Not After

12/04/2012, 23:59

Subject

CN=CyberLink,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CyberLink,L=Taipei,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:1d:db:e8:d7:ce:37:72:24:9c:b3:79:96:fc:0c:76:ce:4a:1c:42
Signer

Actual PE Digest

dc:1d:db:e8:d7:ce:37:72:24:9c:b3:79:96:fc:0c:76:ce:4a:1c:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Project\YCM50_GM2_UNOTest\subsys\SplashWnd\src\Release\_PySplashWnd.pdb

Imports

gdiplus

GdipCreateBitmapFromFile
GdipCreateHBITMAPFromBitmap
GdipDisposeImage

mfc80u

ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4301
ord1392
ord3940
ord1608
ord1611
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord605
ord577
ord709
ord602
ord1920
ord347
ord501
ord4347
ord3635
ord1021
ord1386
ord4119
ord4574
ord764
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord765
ord315
ord1033
ord1087
ord1197
ord1199
ord1093
ord371
ord1908
ord1162
ord1115
ord1192
ord1168
ord1170
ord1200
ord581
ord762
ord1079
ord3703
ord2638
ord3943
ord4480
ord4256
ord3176
ord6751
ord354
ord293
ord1894
ord2366
ord2361
ord5633
ord1270
ord1271
ord3155
ord1925
ord3204
ord757
ord566
ord6086
ord314
ord4112
ord4238

msvcr80

strncmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
memcpy
_wtoi
strstr
free
__CxxFrameHandler3
strncpy
malloc
fputs
printf

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
LocalFree
WaitForSingleObject
SetThreadPriority
Sleep
GetLastError
SuspendThread
ResumeThread
GetTickCount
GetEnvironmentVariableW
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentThread

user32

DefWindowProcW
SetWindowLongW
DestroyWindow
EnableWindow
UpdateLayeredWindow
GetWindowLongW
KillTimer
ReleaseDC
RegisterClassExW
CreateWindowExW
GetDesktopWindow
GetWindowRect
GetDC

gdi32

DeleteDC
CreateDIBSection
GdiFlush
BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
DeleteObject
GetStockObject
CreateCompatibleBitmap

msimg32

AlphaBlend

shlwapi

PathFileExistsW

python25

PyObject_Malloc
PyObject_GetAttr
_PyWeakref_CallableProxyType
_PyWeakref_ProxyType
PyObject_Init
_PyInstance_Lookup
PyInstance_Type
PyUnicodeUCS2_AsUnicode
PyType_IsSubtype
PyUnicode_Type
PyDict_SetItemString
PyModule_GetDict
Py_InitModule4
PyCObject_FromVoidPtr
PyModule_AddObject
PyCObject_Import
PyObject_Call
_PyObject_GetDictPtr
PyDict_New
PyDict_SetItem
PyInstance_NewRaw
PyObject_GenericGetAttr
PyType_Type
PyArg_UnpackTuple
PyBool_FromLong
PyObject_IsTrue
PyObject_CallFunctionObjArgs
PyObject_Free
PyString_AsString
PyString_FromFormat
PyString_ConcatAndDel
PyString_FromString
PyString_Format
PyLong_FromVoidPtr
PyObject_GetAttrString
PyClass_Type
PyTuple_New
PyTuple_SetItem
PyErr_Occurred
PyErr_Clear
Py_BuildValue
PyErr_SetString
PyExc_MemoryError
PyExc_IOError
PyExc_IndexError
_Py_NoneStruct
PyExc_TypeError
PyExc_ZeroDivisionError
PyExc_OverflowError
PyExc_SyntaxError
PyExc_ValueError
PyExc_SystemError
PyExc_AttributeError
PyExc_RuntimeError
PyDict_GetItem

Exports

Exports

init_PySplashWnd

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc73dcbfa34c0cf85d6671d41277e509

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5fCertificate

Extended Key Usages

Key Usages

dc:1d:db:e8:d7:ce:37:72:24:9c:b3:79:96:fc:0c:76:ce:4a:1c:42Signer

Headers

File Characteristics

PDB Paths

Imports

gdiplus

mfc80u

msvcr80

kernel32

user32

gdi32

msimg32

shlwapi

python25

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

37:d3:74:0f:b0:4d:b7:fa:54:df:df:35:8b:ef:6d:5f
Certificate

dc:1d:db:e8:d7:ce:37:72:24:9c:b3:79:96:fc:0c:76:ce:4a:1c:42
Signer

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB